FireEye has been the cybersecurity company that government agencies and top institutions around the world run to when they fear they’ve been hacked. Now FireEye itself has become a victim of top hackers who, preliminary reports show, came from Russian intelligence agencies.
On Tuesday, the company reported that it was hacked by a nation with a top-tier capability. In the course of the attack, the hackers stole sensitive tools from the company, which can be used to launch massive attacks around the world. The company likened the attack to a bank robbery, whereby hackers, having stolen from the bank’s vault, went ahead to steal tools from it that could be used to launch a counter investigation. So novel were the techniques used in the attack that FireEye had to call in the FBI.
FireEye is one company that, over the years, has been able to identify top security breaches around the world. The company refused to say who exactly was behind the attacks, but all fingers point to Russia. The FBI had tasked its team on Russia to take over the investigation. The company stated that the hackers were after its “Red Team Tools.”
The tools are made to resemble the top hacking tools in the world. With the permission of governments or its clients, FireEye uses these tools to look for loopholes in their systems. The company secures these tools in its digital vaults. These are the tools the hackers went after.
Matt Gorham, an assistant director in the Cyber Division of the FBI, said that the modus operandi of the attack showed that a country was behind it. He confirmed that the level of sophistication of the attack was beyond the capability of a group of individuals. The Russian intelligence agencies may have used the period of the US presidential election, when the attention of security agencies, including FireEye, was turned towards securing the election from the influence of external actors, to launch an attack.
It remains the biggest known hack and theft of cybersecurity tools since the heist against the National Security Agency by ShadowBrokers, a group of hackers that has yet to be identified. The group had freely given the NSA’s hacking tools to hackers all over the world. North Korea and Russia took advantage and launched attacks at governments and corporations around the world in an attack that cost over $10 billion.
Experts said that, using the tools from FireEye, hackers can launch attacks against a wide range of targets without blowing their cover. It also gives them the ability to hide their best tools and use those developed by others. The latest hack could be payback time for FireEye, which has always been called in when top government agencies and multinational corporations are hacked. Some of the company’s clients include Sony and Equifax.
FireEye CEO Kevin Mandia agreed that the current attack was quite different from the thousands of attacks that the company has been called in to handle in recent years. He said the hackers were disciplined and focused and moved covertly to avoid detection by security tools and forensics. Google, Microsoft, and other top firms agreed that techniques never seen before were used in the attack.
FireEye has since published some elements of its Red Team tools to warn governments and companies around the world to be alert to an impending attack.